Highlights

I have been obsessed with technology for as long as I can remember, and have been working in the web development/ops/security field for about a decade. A few highlights over the last couple of years:

Snooty Software

I started Snooty Software with Joachim Nolten to build products that automate the repetitive parts of programming. We recently launched Textractor, a tool that prepares Rails ERB templates for internationalization.

For an example of what goes on under the hood of Textractor, check out my post on using XPath to query AST, published by Ruby Inside.

Zerocopter, a security startup

Built a docker-based infrastructure for running security scanners.

Assessed, centralized and enhanced logging/monitoring of all infrastructure to improve reliability.

Designed and implemented a highly customized VPN solution.

Built a hack test platform: a web app that has various types of simulated vulnerabilities, so potential researchers can demonstrate their skills. One of the challenges was simulating vulnerabilities without actually being vulnerable.

Silk, a data visualization startup.

Professionalized ops: introduced a number of processes such as backup recovery tests, capacity planning, security checks and more.

Improved reliability: tweaked monitoring to eliminate false-positive's, solved a number of recurring issues.

Made large performance improvements, among other things by adding profiling instrumentation to the micro-services and tweaking the Varnish config.

Blendle, a journalism startup.

Grew backend/ops team from two to about fifteen.

Designed and built micropayments system, including double entry book-keeping and much more.

Was responsible for reliability, performance, appsec.

Breach assessment and infrastructure rebuild.

For a former client I assessed the impact of a security breach and helped them rebuild their entire network, including workstations and servers.

Research and pro bono highlights

Open Embassy

Open Embassy is an online helpdesk that enables status holders (refugees with a permit) to ask questions about their integration process in a privacy proof private chatroom.

Consulted on various privacy/security issues.

Assisted with various infrastructure tasks.

Code review.

TBDT

TBDT is a novel approach to preventing correlation attacks on anonymity networks such as Tor and I2P.

It uses asymmetric crypto to enforce dummy traffic, rendering a passive global attacker unable to do correlation attacks on low-latency anonymity networks. It's not intended for actual usage due to various issues related to reliability and performance.